Access to 2 domains from one computer?

The network is the forum.

Moderators: Steel, notfred

Access to 2 domains from one computer?

Postposted on Mon Feb 06, 2012 2:25 pm

Here's the scenario: Working for 2 different companies from the same office. One company is where my desk is, the other is 1000 miles away. I access files and email on the remote enterprise network by joining their domain over VPN. I also want to be able to join the local domain to access network drives and email exchange. I want to do both of these things on the same computer. Is this possible?

I really don't know what other details to provide. Any assistance is greatly appreciated.
JJCDAD
Gerbil Jedi
 
Posts: 1867
Joined: Fri Sep 17, 2004 3:11 pm
Location: Is this heaven? No, it's Iowa.

Re: Access to 2 domains from one computer?

Postposted on Tue Feb 07, 2012 8:11 am

The first thing is going to be their VPN client policy settings. Most companies that I've come across disable split-tunnelling, meaning that when you bring up the VPN connection all your network traffic goes down the VPN. That's to stop your box becoming a backdoor gateway on to their network behind their firewalls.
notfred
Grand Gerbil Poohbah
 
Posts: 3762
Joined: Tue Aug 10, 2004 10:10 am
Location: Ottawa, Canada

Re: Access to 2 domains from one computer?

Postposted on Tue Feb 07, 2012 8:15 am

I actually do the same thing. It is only possible (in my opinion) by installing a Virtual Machine software. I use either Oracle's VirtualBox or VMware's Workstation. Once you have a VM set up, you can then connect to your other domain via VPN and you will be connected to that domain while your local domain still remains intact on your main system.
thegleek
Darth Gerbil
Gold subscriber
 
 
Posts: 7367
Joined: Tue Jun 10, 2003 11:06 am
Location: Detroit, MI

Re: Access to 2 domains from one computer?

Postposted on Tue Feb 07, 2012 8:34 am

You *might* be able to make something work by installing 2 NICs and disabling the VPN driver for the 2nd one on its TCP/IP properties page. IIRC I did something like this a long time ago, but it was on Win2K and the local network was a workgroup (not a domain) so it may not be applicable.

thegleek's VM idea is probably a better approach...
(this space intentionally left blank)
just brew it!
Administrator
Gold subscriber
 
 
Posts: 37985
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Access to 2 domains from one computer?

Postposted on Tue Feb 07, 2012 9:15 am

A virtual machine is pretty much the only option if the OP is talking about joining a box to two AD domains. AD can be designed to allow two different domains to pass credentials to each other, but I don't think that's an option here.
Flatland_Spider
Gerbil Elite
 
Posts: 864
Joined: Mon Sep 13, 2004 8:33 pm
Location: The 918/539

Re: Access to 2 domains from one computer?

Postposted on Tue Feb 07, 2012 11:01 am

I'm going to ++ thegleek, JBI, and flatland_spider here. The VM is the way to go.

It's what I do at home for my work stuff.
Glorious
Darth Gerbil
Gold subscriber
 
 
Posts: 7884
Joined: Tue Aug 27, 2002 6:35 pm

Re: Access to 2 domains from one computer?

Postposted on Tue Feb 07, 2012 12:44 pm

Another vote for a VM.

I'm not aware of any way to have a workstation joined to two domains. If the other domain is trusted, you could access resources there, but that may or may not be possible depending on if there's a relationship and need between the companies for this.
spitfire650
Gerbil
 
Posts: 31
Joined: Sun Jan 01, 2012 5:36 pm

Re: Access to 2 domains from one computer?

Postposted on Tue Feb 07, 2012 1:56 pm

The downside (other than performance) of a VM is that you'll need another Windows license unless you're OK with using Linux to access one of the networks...
(this space intentionally left blank)
just brew it!
Administrator
Gold subscriber
 
 
Posts: 37985
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Access to 2 domains from one computer?

Postposted on Tue Feb 07, 2012 2:26 pm

just brew it! wrote:The downside (other than performance) of a VM is that you'll need another Windows license unless you're OK with using Linux to access one of the networks...

If he's running Win7 Pro or Enterprise he can install XP Mode and join the VM to the alternate domain.

And if VirtualPC isn't your thing, you can install VMware Player and run your XP Mode VM using that.
Steel
Global Moderator
Gold subscriber
 
 
Posts: 2327
Joined: Wed Dec 26, 2001 7:00 pm

Re: Access to 2 domains from one computer?

Postposted on Tue Feb 07, 2012 3:20 pm

Depending on which resources you are after on the two different domains, then yes, most can probably be accessed, say a printer or a file share, or even e-mail, but you will never be able to use it transparently or with single-sign on and similar without either a trust-relationship between the domains, or a third party credential manager that systems from both domains are looking up.

Doing it concurrently though is up to split tunneling and the vpn-part, but allowing split tunneling is as people have already said, usually frowned upon.
Aphasia
Grand Gerbil Poohbah
 
Posts: 3468
Joined: Tue Jan 01, 2002 7:00 pm
Location: Solna/Sweden

Re: Access to 2 domains from one computer?

Postposted on Tue Feb 07, 2012 3:47 pm

Can you have another client machine on the remote domain set up that you could use remote desktop to access it? I don't know enough about VPN or virtual machines to know if it's inherently more secure or not, but I would think you should be able to establish a secured connection from your local machine configured on your local domain and connect to the remote machine configured and connected to that domain. We use the remote web workplace built into SBS2003 for remote connections to desktop clients running at the office. Alternatively you should be able to set up port forwarding or somesuchthing with VPN to access the remote machine directly from the RDP client on your local machine (ie. remotemachineipaddress:3389). I think you might find performance is much better than VPN for larger files, etc. I used to VPN at work and it was painful working on even modestly sized spreadsheets, etc. vs. just remoting into an available machine for the same work. Just a thought!
i7-3770K | Asus P8Z77-V LK | 8GB DDR3-1600 | HD5850 | 128GB 840 Pro | Samsung F3 1TB | U2412M | Define R4 | Seasonic 520W M12II | Win7 Pro x64.
frumper15
Gerbil Team Leader
Silver subscriber
 
 
Posts: 242
Joined: Mon Jan 18, 2010 3:25 pm

Re: Access to 2 domains from one computer?

Postposted on Tue Feb 07, 2012 4:39 pm

Thanks for all the great info!

I think I've got him convinced that the easiest thing to do is just use LogMeIn to access local files and email. I installed it today and he's test driving it now. If he decides it won't work for his needs, I'll suggest the VM route.

Thanks again.
JJCDAD
Gerbil Jedi
 
Posts: 1867
Joined: Fri Sep 17, 2004 3:11 pm
Location: Is this heaven? No, it's Iowa.

Re: Access to 2 domains from one computer?

Postposted on Wed Feb 08, 2012 12:49 am

frumper15 wrote:Can you have another client machine on the remote domain set up that you could use remote desktop to access it? I don't know enough about VPN or virtual machines to know if it's inherently more secure or not, but I would think you should be able to establish a secured connection from your local machine configured on your local domain and connect to the remote machine configured and connected to that domain. We use the remote web workplace built into SBS2003 for remote connections to desktop clients running at the office. Alternatively you should be able to set up port forwarding or somesuchthing with VPN to access the remote machine directly from the RDP client on your local machine (ie. remotemachineipaddress:3389). I think you might find performance is much better than VPN for larger files, etc. I used to VPN at work and it was painful working on even modestly sized spreadsheets, etc. vs. just remoting into an available machine for the same work. Just a thought!

I just don't see how that would work AT all.... If you RDP'd into a secure connection via VPN, you essentially are JOINING a domain. So how would that remote computer be able to join a different one then it's already assigned to? Not likely.

JJCDAD wrote:I think I've got him convinced that the easiest thing to do is just use LogMeIn to access local files and email. I installed it today and he's test driving it now. If he decides it won't work for his needs, I'll suggest the VM route.[

I'm confused. You asked for help. Everyone gave suggestions, and you chose another option that NONE of us suggested. Interesting.
thegleek
Darth Gerbil
Gold subscriber
 
 
Posts: 7367
Joined: Tue Jun 10, 2003 11:06 am
Location: Detroit, MI


Return to Networking

Who is online

Users browsing this forum: No registered users and 2 guests